Information Technology at Emory The Building Blocks for Security at Emory University Jay D. Flanagan Security Team Lead Technical Services Copyright Jay.

Presentation transcript:

1 Information Technology at Emory The Building Blocks for Security at Emory University Jay D. Flanagan Security Team Lead Technical Services Copyright Jay D. Flanagan 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Information Technology at Emory Information Technology Division Technical Services

3 Past Security at Emory
RACF on Mainframe
Virus Scanning – Dr. Solomon
Application Security
Individual / department security measures

5 Initial Changes
Hiring a dedicated security person
  – Handling only security issues
Putting together a security team
  – Developing the security goals and objectives
Creating a security architecture
  – Road map for new security initiatives
Funding new security initiatives
  – Security initiatives implementation

6 New Security Initiatives
Firewalls
Virus Scanning
Incident Response
Web authentication / authorization
Vulnerability Scanning
Spam Detection
Digital Certificates
Security Awareness / Communication
Intrusion Detection / Prevention (IDS / IPS)
Network Registration
HIPAA / Other Federal Regulations

7 Firewalls

8 Firewalls
Implemented Checkpoint FW-1 (3)
  – School of Public Health
  – Border
  – Trusted Core
Implemented Checkpoint VPN-1 (1)
  – Remote Access to Trusted Core
      Secure Remote Client

9 Firewalls
School of Public Health (SPH)
  – Implemented for research grant
  – Protects all SPH machines
  – Tweaked on a regular basis
Border
  – Protects entire university
  – Protects against major vulnerabilities and hacks
      NetBIOS
      SQL Vulnerabilities
      Forces SMTP traffic to our virus scanners
      Blocks all internet access to our resnet subnets
  – Tweaked on a regular basis

10 Firewalls
Trusted Core
  – Protects sensitive data
      PeopleSoft Data
        – SSNs
      HR Data
        – SSNs
      Financial Data
        – Payroll
        – Credit Cards
      Student Data
        – FERPA Regulations
      HIPAA Entities
        – HIPAA Regulations
  – Restricted rule set
      Block everything, allow only specific access
  – Utilizes a DMZ for public access machines
      DMZ Firewall rules very restricted except for specific access ports
  – Access into Trusted Core only via the DMZ or secure remote client

11 Virus Scanning
Implemented new virus scanning services
  – Email virus scanning
  – Desktop virus scanning
  – Server virus scanning

13 Virus Scanning
Email virus scanning
  – All email coming into and going out of Emory is scanned for viruses
      Over 80 email servers on campus
      Outgoing must be set to SMTP.service.emory.edu
      Utilizing Trend Micro’s Virus Wall
        – Set up for hourly updates
        – During the MyDoom Virus incident, Virus Wall caught 864,000 viruses, of which 859,000 were MyDoom

15 Virus Scanning
Desktop/Server virus scanning
  – Purchased more robust desktop and server virus scanning client
      Symantec Norton Anti-Virus
        – Licensed for office/school and home use
        – Updated automatically daily
        – More often as necessary manually
      Recommend server protection be implemented on sensitive data servers
        – Server and desktop product are the same

17 Incident Response
Over the last several months security incidents have increased dramatically
Types of incidents handled include:
  – Copyright
  – Hacks and hack attempts
  – Compromised machines
  – Viruses
  – Spam
  – Other

18 Incident Response

19 Incident Response

20 Incident Response
Coordination is vital across campus
  – All school and department local support representatives are part of the incident response team
Implemented an incident response process
  – Incidents are received via many means, including:
      Email – abuse@emory.edu, securityteam-l@listserv.emory.edu
      Phone – Help Desk

21 Incident Response
  – Incident information is passed to the Security Team
  – Security Team researches incident, creates help desk ticket and logs incident
      IP address information
      MAC address information
      NetBIOS information
  – Security forwards ticket to Network Communications team
      Captures MAC address (if not previously found)
      Finds location (if possible)
      Disables port or access to internet
      Updates and sends ticket back to Security Team

22 Incident Response
  – Security Team forwards ticket to school or department representative (local support) who will handle cleaning machine
  – Once machine is cleaned, Security Team is notified. Security:
      Updates log
      Notifies NetCom to re-enable port / IP address
      Closes help desk ticket

23 Web Authentication/Authorization
Netegrity Siteminder
  – Chosen after a lengthy evaluation of web authentication/authorization products
  – Utilizes LDAP directories
      Integrated with our Healthcare LDAP
  – Protecting upwards of 38 applications with more coming online every day
  – Allows for distributed administration

24 Vulnerability Scanning
Currently utilizing ISS Internet Scanner
  – Proactively scan over 100 machines on a monthly, bi-monthly or quarterly basis
  – Scan machines after security incidents
  – Scan network on an irregular basis to check for vulnerabilities
  – Scan machines as part of Security audits
  – Recommend regular scanning of machines storing sensitive data
  – Implementing the Nessus Scanning tool for more complete scanning coverage

25 Spam Detection
Implemented Spam detection in November 2003
  – Utilizing Trend Micro’s Spam Prevention Service (SPS)
      Can handle over 50 messages a second
      Has over 90% success rate
      For the week of April 12th through April 18th, 2,531,941 emails passed through our Spam scanners. Of these 2,531,941 emails, 1,806,723 (71%) were marked as Spam.
  – Scanning all incoming email for spam
      Looking to scan outgoing email in the future
      Looking to scan other school / department email in the future
  – Statistics have determined that over 70% of current email coming into Emory is Spam

26 Digital Certificates
Implemented VeriSign’s digital certificate service
  – Over 20 certificates in service on various servers
      PeopleSoft
      Web Servers
      Finance
      HR
  – Allows 128 bit encryption for these servers’ applications

27 Security Awareness/Communication
Updated and more relevant Security Web Pages
  – Created Security Awareness Page
      http://security.it.emory.edu
      Includes updated information on vulnerabilities and viruses
      Includes statistics from our virus scanners and spam scanners as well as the total number of security incidents for that month
      Includes important links to vulnerability and virus vendors as well as other important security issues

28 Security Awareness/Communication
Regularly meet with school and department heads
  – Discuss current security projects and implementations
  – Discuss Security awareness issues
  – Working with school and department heads to get on team meeting agendas to do a security awareness presentation
  – Security Audits
      Audit schools and departments for security issues, and recommend how to fix the problems

29 Security Awareness/Communication
Security Posters
  – Created and distributed security posters across campus to promote security awareness
Security Brochures
  – Created and distributed security brochures across campus to promote security awareness
  – Brochures will be included in mailing to new students
  – Brochures will be handed out during security awareness presentations

30 Security Awareness/Communication
Student Newspaper Articles
  – Running full page security awareness ads in our student newspaper, the Emory Wheel
Back to School Orientations
  – Doing security awareness presentations at our back to school orientations each fall

31 Security Awareness/Communication
Information Security Awareness Mini-Conference
  – Had the first annual security awareness mini-conference at Emory on April 14, 2004.
  – Over 110 people attended the presentations
      Security awareness
      Legal issues
      HIPAA
      Other University awareness issues

32 Intrusion Detection / Prevention
Evaluated multiple products
  – ISS RealSecure
  – Symantec’s Manhunt
  – Tipping Point’s Unity One
  – Reflex Security’s Interceptor
Chose Tipping Point’s Unity One
Implemented scanners at border and Trusted Core Firewalls
After initial implementation, may look to implement more IPS on host machines

34 Network Registration
Using NetReg open source code
Being written in-house
Tying a network ID to a MAC address
Working to tie vulnerability and patch scanning into the tool (Nessus)
Initially only students will be required to register (Resnet)
  – Future would include all users

35 HIPAA/Other Govt. Regulations
Part of the HIPAA implementation team
  – Working with other university teams to protect HIPAA entities.
      Trusted Core Firewall will be utilized to protect a majority of these entities
      Policies can be utilized to implement rules not included in the protection of the firewall
Looking at other new Government regulations
  – What do we need to do to implement and be in compliance
      Family Educational Rights and Privacy Act (FERPA)
      Gramm-Leach-Bliley Act (GLBA)
      Patriot Act
      Sarbanes-Oxley

37 Summary
Created a security architecture
Implemented new security initiatives offering many new services
Implemented better means of communication and awareness across the university
Always looking at ways to improve processes

38 Contact Information
Email: jflanag@emory.edu
Phone: 404-727-4962

39 Questions?

